Resubmissions
23-04-2024 07:56
240423-js1dvseg4v 815-04-2024 17:56
240415-wh898seg9w 825-06-2021 19:13
210625-g3rlde4dqn 817-01-2021 18:18
210117-lzgtt5m89n 1012-01-2021 14:53
210112-6aqfd4757x 10Analysis
-
max time kernel
4145544s -
max time network
134s -
platform
android_x86 -
resource
android-x86_arm -
submitted
12-01-2021 14:53
General
-
Target
WIFI.apk
-
Size
2.9MB
-
MD5
79ba96848428337e685e10b06ccc1c89
-
SHA1
51b31827c1d961ced142a3c5f3efa2b389f9c5ad
-
SHA256
854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3
-
SHA512
ed0e788b735de1508eb387a20bff312094bb9b935c5b2d278391c01edf27550816515e60054b687f14ce04e7ccb7c46f0169a93df571abd623d4ee0b150f1f43
Score
10/10
Malware Config
Extracted
AES_key
AES_key
Signatures
-
Reads device subscriber ID 1 IoCs
Uses Android APIs to read subscriber ID (IMSI on GSM devices).
-
Removes its main activity from the application launcher 1 IoCs
-
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks Android system properties for emulator presence. 4 IoCs
-
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.
-
Reads serial number of SIM 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
-
Suspicious use of android.location.LocationManager.getLastKnownLocation 9 IoCs
-
Suspicious use of android.os.PowerManager$WakeLock.acquire 4 IoCs
-
Suspicious use of android.telephony.TelephonyManager.getPhoneType 4 IoCs
-
Uses reflection 102 IoCs
Processes
-
org.xmlpush.v31⤵
- Reads device subscriber ID
- Removes its main activity from the application launcher
- Requests cell location
- Checks Android system properties for emulator presence.
- Reads name of network operator
- Reads serial number of SIM
- Uses Crypto APIs (Might try to encrypt user data).
- Suspicious use of android.location.LocationManager.getLastKnownLocation
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getPhoneType
- Uses reflection
-
org.xmlpush.v32⤵